Business Information Security Officer
Overview
Lloyd's is the world's leading insurance and reinsurance marketplace. We share the collective intelligence and risk sharing expertise of the market's brightest minds, working together for a braver world.
Our role is to inspire courage, so tomorrow's progress isn't limited by today's risks. Our shared values (we are brave; we are stronger together; we do the right thing) guide what we do and how we act. If you share our values and our passion to build a future that's more sustainable, resilient and inclusive, you'll find a home at Lloyd's - build a braver future with us.
Lloyd's are seeking to recruit a Business Information Security Officer. You will influence and support business leaders to implement cyber security strategy, policies, and standards with high priority, in line with local and international regulations. This role reports directly to the Head of Security Services (Deputy CISO).
Responsibilities
- Partner with and influence business leaders to help them understand and manage the cyber risks associated with their change and day-to-day activity.
- Interface with the wider Information Security Team to manage demand for security services and ensure a clear understanding of business security risks.
- Deliver in line with security related KPI and KRI targets.
- Conduct Security Impact Assessments and support threat modelling.
- Conduct security controls prioritisation for development and remediation.
- Understand and meet regulatory requirements and respond to regulatory audits.
- Conduct third party security assurance activity.
Skills, Knowledge, and Experience
Essential
- Deep practical knowledge of the people, process, and technology components of Information Security.
- Robust understanding of how different cyber risks can materialise across the layers of defence.
- Knowledge of good security practice, including ISO 27000 series.
- Knowledge of financial services and governance processes.
- Awareness of information security governance and compliance.
- Experience in partnering with business teams and non-technical stakeholders to help them understand and manage cyber risks.
- Proven experience in conducting Security Impact Assessments and threat modelling.
- Experience in conducting security controls prioritisation for development and remediation.
- Experience in engaging with regulators and responding to regulatory audits.
- Experience in third party security assurance activity.
- Experience performing risk and compliance reviews on systems/processes.
- Communication skills — as the interface between information security and the business, must be able to translate security and business principles to each group while building relationships along the way.
- Executive presence — engage with leadership clearly to negotiate and influence. Able to explain how security investment decisions help the bottom line and mitigate security risk to the organisation.
- Understand both business and security — must possess broad security and strategic knowledge to work cross-functionally. Able to change the organisation mindset to consider security as part of almost every business decision and vice versa.
- Risk mitigation management skills — understand and stay focused on risk mitigation for business enablement, including risk identification, risk acceptance, solution development and risk mitigation implementation support.
Desirable
- Good working knowledge of industry good practice frameworks such as NIST Cyber Security Framework, CIS Critical Security Controls, ISO 27001, MITRE ATT&CK, Cyber Kill Chain, etc.
- Undergraduate degree in a relevant field (e.g., Computer Engineering, Computer Science, Information Security) is desirable but not essential.
- Professional certifications in the security domain are preferred but not essential. We will support achieving relevant certifications after recruitment.
Diversity and inclusion are a focus for us – Lloyd's aims to build a diverse, inclusive environment that reflects the global markets we work in. One where everyone is treated with dignity and respect to achieve their full potential. We are positive and inclusive about making workplace adjustments, offer regular health and wellbeing programmes, diversity and inclusion training, employee networks, mentoring and volunteering opportunities as well as investment into your professional development.
We understand that our work/life balance is important to us all and that a hybrid of working from the office and home can offer a great level of flexibility. Flexible working forms part of a total reward approach which offers a host of other benefits over and above the standard offering (generous pension, healthcare, wellbeing etc). These include financial support for training, education & development, a benefit allowance to spend on flexible benefits, employee recognition scheme and various employee discount schemes.
By choosing Lloyd's, you'll be part of a team that brings together the best minds in the industry, and together with our underwriters and brokers, we create innovative, responsive solutions allowing us to share risk and solve complex problems.
Notes: If you require any additional support with your application or adjustments, please consider contacting the appropriate recruitment contact rather than following external links.
- Location: London, England, United Kingdom
- Salary: £125,000 - £150,000
- Job Type: Full-time
- Category: IT & Technology